From: tcmay@netcom.com (Timothy C. May)
Date: Sun, 3 Jul 94 00:51:40 PDT
To: cypherpunks@toad.com
Subject: Visual Passphrases
In-Reply-To: <199407030709.AA16211@world.std.com>
Message-ID: <199407030730.AAA05703@netcom12.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



Another approach to getting enough entropy in passwords/phrases is a
"visual key" where one mouses from position to position in a visual
environment. That is, one is presented with a scene containg some
number of nodes, perhaps representing familiar objects from one's own
home, and a path is chosen.

The advantage is that most people can remember fairly complicated
(read: high entropy) "stories." Each object triggers a memory of the
next object to visit. (Example: door to kitchen to blender to
refrigerator to ..... ) This is the visual memory system said to be
favored by Greek epic poets.

This also gets around the keyboard-monitoring trick (but not
necessarily the CRT-reading trick, of course).

I haven't used one of these schemes, but I recall hearing that at
least one commercial product offers this as an option.

It might be an interesting hack to offer this as a front end for PGP.

Even a simple grid of characters which could be moused on could be an
assist in using long passphrases.

(But someone has probably patented this approach.)

--Tim May

P.S. I'm not hung up on passphrases as a major weakness. I think theft
of keys and keystroke capturing on compromised machines are much
more important practical weaknesses.

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."